iang
/
teems


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230
							#include <pthread.h>
#include "Enclave_t.h"
#include "utils.hpp"
#include "config.hpp"
#include "route.hpp"
#include "ingest.hpp"

Ingestion g_ing;

void displayMessage(unsigned char *msg, uint16_t msg_size) {
    clientid_t sid, rid;
    unsigned char *ptr = msg;
    sid = *((clientid_t*) ptr);
    ptr+=sizeof(sid);
    rid = *((clientid_t*) ptr);
    ptr+=sizeof(rid);
    printf("Sender ID: %d, Receiver ID: %d, Token: N/A\n", sid, rid );
    printf("Message: ");
    for(int j = 0; j<msg_size - sizeof(sid)*2; j++) {
        printf("%x", (*ptr));
        ptr++;
    }
    printf("\n");
}

void displayEncMessageBundle(unsigned char *bundle, uint16_t priv_out, uint16_t msg_size) {
    unsigned char *ptr = bundle;

    printf("IV: ");
    for(int i=0; i<SGX_AESGCM_IV_SIZE; i++) {
        printf("%x", ptr[i]);
    }
    printf("\n");
    ptr+= SGX_AESGCM_IV_SIZE;

    for(int i=0; i<priv_out; i++) {
        displayMessage(ptr, msg_size);
        ptr+=msg_size;
    }

    printf("MAC: ");
    for(int i=0; i<SGX_AESGCM_MAC_SIZE; i++) {
        printf("%x", ptr[i]);
    }
    printf("\n");
}

bool ecall_ingest_msgbundle(clientid_t cid, unsigned char *msgbundle,
    uint32_t num_msgs)
{
    bool ret;
    ret = g_ing.processMsgBundle(cid, msgbundle, num_msgs);
    return ret;
}

bool ecall_ingestion_authenticate(clientid_t cid, unsigned char *auth_message)
{
    bool ret;
    ret = g_ing.authenticate(cid, auth_message);
    return ret;
}

void Ingestion::initialize(uint32_t num, uint32_t start, sgx_aes_gcm_128bit_key_t &ESK) {
    cnum = num;
    cstart = start;
    clients = new IngClient[cnum];

    generateClientKeys(ESK);

    if(g_teems_config.private_routing) {
        max_buffer_size = g_teems_config.m_priv_out * cnum;
    } else {
        max_buffer_size = g_teems_config.m_pub_out * cnum;
    }
    buffer = &(route_state.ingbuf);
}

bool Ingestion::authenticate(clientid_t cid, unsigned char *auth_message)
{
    uint32_t num_ing_nodes = g_teems_config.num_ingestion_nodes;
    uint32_t lcid = cid / num_ing_nodes;
    const sgx_aes_gcm_128bit_key_t *ckey = &(clients[lcid].key);
    return(authenticateClient(auth_message, ckey));
}

bool Ingestion::processMsgBundle(clientid_t cid, unsigned char *msgbundle,
    uint32_t num_msgs) {

    // Fetch corresponding client key
    uint32_t num_ing_nodes = g_teems_config.num_ingestion_nodes;
    clientid_t lcid = cid / num_ing_nodes;
    sgx_aes_gcm_128bit_key_t *ckey = &(clients[lcid].key);
    unsigned char *iv = msgbundle;
    msgbundle += SGX_AESGCM_IV_SIZE;

    uint16_t msg_size = g_teems_config.msg_size;
    uint32_t msgbundle_size;
    if(g_teems_config.private_routing) {
        msgbundle_size = num_msgs * (msg_size + TOKEN_SIZE);
    } else {
        msgbundle_size = num_msgs * msg_size;
    }
    unsigned char *dec_msgbundle = (unsigned char *) malloc (msgbundle_size);
    sgx_aes_gcm_128bit_tag_t *tag = (sgx_aes_gcm_128bit_tag_t*) (msgbundle + msgbundle_size);

    sgx_status_t ret = sgx_rijndael128GCM_decrypt(ckey, msgbundle, msgbundle_size,
        dec_msgbundle, iv, SGX_AESGCM_IV_SIZE, NULL, 0, tag);
    if(ret!=SGX_SUCCESS) {
        printf("Ingestion::processMsgBundle FAIL\n");
        printf("Error code: %d", (uint32_t) ret);
        free(dec_msgbundle);
        return false;
    }

    // TODO: Verify the tokens from end of the msgbundle
    // before appending them into the MsgBuffer
    bool verified  = true;
    if(g_teems_config.private_routing) {
        unsigned char token_body[TOKEN_SIZE];
        const sgx_aes_gcm_128bit_key_t *pTSK = &(g_teems_config.TSK);
        unsigned char *dm_ptr = dec_msgbundle;
        unsigned char *tkn_ptr = dm_ptr + (msg_size * num_msgs);
        sgx_cmac_state_handle_t cmac_handle;
        sgx_cmac_128bit_tag_t token;

        for(int k =0; k < num_msgs; k++)
        {
            ret = SGX_SUCCESS;
            memset(token_body, 0, TOKEN_SIZE);
            memcpy(token_body, dm_ptr, sizeof(clientid_t) * 2);
            memcpy(token_body + sizeof(clientid_t) * 2, (uint8_t*) &ingestion_epoch, sizeof(ingestion_epoch));
            ret = sgx_rijndael128_cmac_msg(pTSK, token_body, TOKEN_SIZE,
                (sgx_cmac_128bit_tag_t*) &token);
            if(ret!=SGX_SUCCESS) {
                printf("Ingestion::processMsgBundle: Token recreation FAIL\n");
                printf("ret = %x", ret);
                return false;
            }

            /*
            printf("Received token:\n");
            for(int l=0; l<SGX_CMAC_MAC_SIZE; l++) {
                printf("%x", tkn_ptr[l]);
            }
            printf("Verify created token:\n");
            for(int l=0; l<SGX_CMAC_MAC_SIZE; l++) {
                printf("%x", token[l]);
            }
            */

            int diff = memcmp(token, tkn_ptr, SGX_CMAC_MAC_SIZE);
            if(diff!=0) {
                printf("Ingestion::processMsgBundle: Tokens do not match FAIL\n");
                return false;
            }

            dm_ptr+= msg_size;
            tkn_ptr+=SGX_CMAC_MAC_SIZE;
        }
    }

    if(verified) {
        // Append msgbundle to g_ing.buffer;
        MsgBuffer &msg_queue = *(g_ing.buffer);

        pthread_mutex_lock(&msg_queue.mutex);
        uint32_t head = msg_queue.reserved;
        if (head + num_msgs > g_ing.max_buffer_size) {
            pthread_mutex_unlock(&msg_queue.mutex);
            printf("Ingestions: Max %u messages exceeded\n",
                g_ing.max_buffer_size);
            return false;
        }
        msg_queue.reserved += num_msgs;
        pthread_mutex_unlock(&msg_queue.mutex);

        memmove(msg_queue.buf + head * msg_size,
            dec_msgbundle, num_msgs * msg_size);

        pthread_mutex_lock(&msg_queue.mutex);
        msg_queue.inserted += num_msgs;
        pthread_mutex_unlock(&msg_queue.mutex);

        free(dec_msgbundle);
        return true;
    }

    return false;
}

void Ingestion::generateClientKeys(sgx_aes_gcm_128bit_key_t &ESK)
{
    //printf("In Ingestion::genCK, num_clients = %d, client_start = %d, client_end = %d\n",
    //    cnum, cstart, cnum + cstart);
    uint32_t num_ing_nodes = g_teems_config.num_ingestion_nodes;

    for(uint32_t i=0; i<cnum; i++)
    {
        unsigned char zeroes[SGX_AESGCM_KEY_SIZE];
        unsigned char iv[SGX_AESGCM_IV_SIZE];
        sgx_aes_gcm_128bit_tag_t tag;
        memset(zeroes, 0, SGX_AESGCM_KEY_SIZE);
        memset(iv, 0, SGX_AESGCM_IV_SIZE);

        uint32_t client_num = cstart + (i * num_ing_nodes);
        memcpy(iv, (uint8_t*) (&client_num), sizeof(client_num));

        sgx_status_t ret = SGX_SUCCESS;
        ret = sgx_rijndael128GCM_encrypt((const sgx_aes_gcm_128bit_key_t *) (ESK),
            zeroes, SGX_AESGCM_KEY_SIZE, (uint8_t*) (clients[i].key), iv,
            SGX_AESGCM_IV_SIZE, NULL, 0, &tag);
        if(ret!=SGX_SUCCESS) {
            printf("Ingestion::GCK FAIL\n");
        }

        /*
        printf("Client %d Ingestion: (after Gen) ", client_num);
        for(int j=0;j<SGX_AESGCM_KEY_SIZE;j++) {
            printf("%x", (clients[i].key)[j]);
        }
        printf("\n");
        */

    }
}

sgx_aes_gcm_128bit_key_t* Ingestion::getClientKey(uint32_t lcid)
{
    return(&(clients[lcid].key));
}